graphql-threat-matrix
GraphQL vulnerability checker
A framework to help identify security gaps in GraphQL APIs by analyzing implementation differences and vulnerabilities.
GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations.
287 stars
9 watching
28 forks
last commit: 12 months ago
Linked from 1 awesome list
Related projects:
Repository | Description | Stars |
---|---|---|
nicholasaleks/crackql | A utility for automatically generating and sending multiple payload variations to test GraphQL APIs' strength against common attacks such as brute-forcing, password spraying, and fuzzing. | 316 |
davinerd/gql_intruder | A tool to assess vulnerabilities in GraphQL endpoints by simulating attacks. | 13 |
gsmith257-cyber/graphcrawler | Automated testing toolkit for GraphQL APIs. | 302 |
omar2535/graphqler | A tool to dynamically test GraphQL APIs with a focus on context awareness. | 126 |
doyensec/inql | A tool for testing GraphQL APIs with vulnerability detection and customizable scans. | 1,540 |
omar-dulaimi/graphql-shield-generator | Automatically generates a shield to restrict access to sensitive data in GraphQL schemas. | 9 |
nerdsupremacist/graphaello | A tool that enables writing data-driven and type-safe applications in SwiftUI using GraphQL. | 492 |
swisskyrepo/graphqlmap | A tool for automating interaction with GraphQL endpoints for pentesting and vulnerability assessment. | 1,390 |
dolevf/damn-vulnerable-graphql-application | An intentionally vulnerable GraphQL implementation to test security. | 1,505 |
incetarik/nestjs-graphql-zod | A library that provides a way to work with GraphQL objects using Zod validation objects. | 85 |
btkelly/gandalf | A tool to manage application updates and security by detecting vulnerabilities and blocking older versions. | 282 |
denniskniep/gqlraider | A Burp Suite extension for inspecting and manipulating GraphQL queries. | 21 |
dolevf/graphw00f | Fingerprinting tool to identify the underlying GraphQL server technology behind a given endpoint. | 578 |
dolevf/graphql-cop | A tool to scan GraphQL APIs for common security vulnerabilities and report potential issues. | 382 |
graphql-rust/graphql-parser | A tool for parsing and formatting GraphQL query and schema definitions in Rust. | 355 |